James is absolutely right with regard to a traditional NAS set-up. When looking at a cloud-based NAS – which also support Microsoft’s Active Directory - there are additional concerns surrounding security. In addition to the traditional on-premise security controls, a cloud-based NAS must address the issue of data encryption from on premise all the way through to the cloud. A secure virtual NAS will use AES 256-bit encryption and offer users the ability to manage their own encryption keys. No one but the key holder can ever access the data so it is effectively crypto-shredded, eg destroyed and inaccessible, without the matching key.

Every modern NAS appliance includes user security features to allow or restrict file access based on usernames and passwords. Appliances can be completely open so everyone on the network can see every file, completely closed so that each user can see only their files, or a combination of the two.

Commonly, NAS appliances come pre-configured with a volume or folder for shared files, and each user defined in the system also gets a private folder for personal storage. Each user must provide a username and password to gain access to their private folders. No other user can see their private files.

NAS vendors also support Microsoft's Active Directory, so that the NAS appliance can be managed by the more extensive Windows Server security tools. In this case, each user gains access to their private folder area based on their Windows Server username and password. Often, the user doesn't even know their files are stored on a NAS rather than the Windows file server.